cve/CVE-2019-14900.md at 9ac4b787af2fa0b7575b28040edee6199ce9a667

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/MDS160902/183-csp
https://github.com/developer3000S/PoC-in-GitHub
https://github.com/shanika04/hibernate-orm

1.0 KiB Raw Blame History

CVE-2019-14900

Description

POC

Reference

Github

1.0 KiB

Raw Blame History